Is there a web service in Moodle that can be used to assign a global role, e.g. course creator, to a user based on his ID?
You can use core_role_assign_roles for assign roles and for unassign use core_role_unassign_roles.
Related
When I am using the following code:
cf create-org (ORG_name)
I am getting an error:
You are not authorized to perform the requested action
In many distributions of Cloud Foundry, an org represents an entire company or account so you likely won't be able to create another org without signing up for another account. (See MindSphere documentation)
Orgs and spaces are used to control user permissions and organize resources such as apps and services. Unless you are trying to create a space that you don't want your org manager to see, you might just create a new space instead.
Actually I have used to push my application to mindsphere, but it was not done because i used normal user account. It need developer account to push the account.
If this is a Developer tenant, then you will already have an org for the tenant, which has the same name as the tenant. You can't create another org. By default, only the tenant owner is in the OrgManager role which can access the org.
Either:
Get the tenant owner to add you to the OrgManager role
Use MindSphere Settings to create Service Credentials for Cloud Foundry. This will allow you to login to cf using those credentials, access the cf org and add your real user to the org
My personal account is an admin in my gcp project.
If I want to use one of the service accounts I have created (from my local laptop) I do this:
gcloud auth activate-service-account --key-file=some-service-account.json
But I wonder, if I already have my own admin account active, is there a way to just assume a service account without the key? Can GCP use my current creds to give me access to assume that service account?
If so this also makes me wonder if I can use service accounts applied to GCE instances the same way. So I can attach a service account to a GCE instance that gives it access to assume other service accounts.
I think what you're looking for is "impersonation". You need roles like iam.serviceAccountUser to do this. Refer to these docs and articles:
https://cloud.google.com/iam/docs/service-accounts#the_service_account_user_role
https://medium.com/google-cloud/using-serviceaccountactor-iam-role-for-account-impersonation-on-google-cloud-platform-a9e7118480ed
https://medium.com/google-cloud/impersonating-users-with-google-cloud-platform-service-accounts-ba762db09092
we have a cloud foundry demo installation for customers. Customers are able to create an account. Now, I would like t assign automatically a specific org and space incl. roles to every new user.
Is that possible?
You could create a web application that users go to create their account then use uaa apis and cloud controller apis to create and assign the user to whatever you want. This application can use uaa client accounts with appropriate authorities.
If you only want users to create their accounts using your application I believe you can tell uaa to disable self service links in the uaa ui using "login.self_service_links_enabled=false" and can probably stop people from creating their own accounts on the CLI by removing the "scim.write" scope from the cf client.
There's nothing out of the box that does this. I can't see anything in the events API that you could plug into either.
We are using RemoteUserStoreManagerService admin service to add subscribers (end application users) to WSO2 system. Web service automatically assign "Internal/everyone" role to such an user. Even if we provide a list of desired roles for user into WS function.
Can we change such behavior? Can we turn off auto-assignment or we need to use some different API for creating subscribers?
Main problem is, that "Internal/everyone" role for default has maximum system priorities, we want manually assign desired roles for subscriber.
It's the expected behavior that 'Internal/everyone' role get assigned to each and every user. The purpose of having this role is to assign the permissions for newly registered users (If you want the newly registered users to be capable of login and change their password etc.).
If you do not want such functionality, you remove all the permissions from this role.
Hope this helps.
Is it possible to use the IAM API as a user registration service for my application.
I.e. if i present the user to create an account and password. Can they then log in with the IAM and use my application.
Or is it more for developers who are tinkering around with the actual AWS platform?
Thanks,
Ben
That's not what AWS Identity and Access Management is made for. I guess you don't want your users to have access to your infrastructure … If you want an user registration you should implement it inside your application.